Collaborate Disseminate
AWS’ S3 storage service today launched a cheaper option for keeping data in the cloud — as long as developers are willing to give up a few 9s of availability in return for saving up to 20 percent compared to the standard S3 price for applications that need infrequent access. The name for this new […] Continue reading AWS launches a cheaper single-zone version of its S3 storage service
In my previous post, I took deep dive into AWS S3 permissions to outline the myriad of ways someone could expose their AWS S3 buckets and objects to everyone on the Internet. As I discussed there, the complexity of the S3 permission system is very powe… Continue reading Preventing Azure Storage Breaches
Responding to the all too familiar news of compromised Amazon cloud storage, security researchers have begun leaving “friendly warnings” on AWS S3 accounts with exposed data or incorrect permissions. The misconfiguration of access control on AWS storag… Continue reading Hacker Tools Used for Good as Exposed Amazon Cloud Storage Accounts Get Warnings
Leaky AWS S3 buckets have been spilling confidential information onto the public internet for years, and now anonymous hackers have created a search engine to make finding those exposed secrets even easier. New on the scene is “BuckHacker.”… Continue reading Don’t Get BuckHacked: What Are You Doing to Keep Your AWS S3 Data Private?
In a recent post on the AWS blog, Amazon announced the addition of several new encryption and security features that are now available to AWS S3 customers.
The post Amazon Announces New S3 Encryption and Security Features appeared first on Petri.
Continue reading Amazon Announces New S3 Encryption and Security Features
AWSBucketDump is an AWS S3 Security Scanning Tool, which allows you to quickly enumerate AWS S3 buckets to look for interesting or confidential files. It’s similar to a subdomain brute-forcing tool but is made specifically for S3 buckets and also has some extra features that allow you to grep for delicious files as well as download interesting files if you’re not afraid to quickly fill up your hard drive.
Using the download feature might fill your hard drive up, you can provide a max file size for each download at the command line when you run the tool.
Read the rest of AWSBucketDump – AWS S3 Security Scanning Tool now! Only available at Darknet.
Continue reading AWSBucketDump – AWS S3 Security Scanning Tool
What’s the latest on the web, Time Warner Hacked is what it’s about now as a bad AWS S3 config (once again) exposes the details of approximately 4 Million subscribers.
This follows not long after the Instagram API leaking user contact information and a few other recent leaks involving poorly secured Amazon AWS S3 buckets and I’d hazard a guess that it won’t be the last.
Records of roughly four million Time Warner Cable customers in the US were exposed to the public internet after a contractor failed to properly secure an Amazon cloud database.
Continue reading Time Warner Hacked – AWS Config Exposes 4M Subscribers
600 gigabytes of information, including SQL database dumps, code, access logs, and customer information, belonging to BroadSoft and its client, TWC, was left online, accessible to anyone. Continue reading Four Million Time Warner Cable Records Left on Misconfigured AWS S3
The news of the week is discussed, including the AWS S3 leaks, Zerodium’s bounty on messaging app zero days, Ropemaker, and cobot vulnerabilities. Continue reading Threatpost News Wrap, August 25, 2017
An analysis of Amazon Web Services storage containers reveals troubling trend of misconfigured S3 buckets that leak data. Continue reading Experts Warn Too Often AWS S3 Buckets Are Misconfigured, Leak Data